Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 8e8393b4da86271fb6deb00c0cbb1a8f

  • Malware Report - Results

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size
    8e8393b4da86271fb6deb00c0cbb1a8f | 2d16a659b52e5140451259d6468e756e4dd9af95 | 0370d695bd1319c7bc61eff9dfec4dd10e63270680ac8776d3aac300f070ec12 | 1536:L6/m+isoPeLg9BGaFwCIycD1FKlpCTALvmAL0Ou4OkUcApQgEYa9YceGuY4:LcmFPeLg9QNBzuL | 102400

    File Results

    File Name
    kp.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    N/A | No snort alerts generated | 0

    AV Results

    AV Alert | AV Vendor
    N/A | Symantec
    Generic.dx!zum | McAfee
    UDS:DangerousObject.Multi.Generic | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name

    Files (Added) - ICC Results

    Path | File Name
    c:/Documents and Settings/dmc73144/Application Data | 6yd6z9g44.bat
    c:/Documents and Settings/dmc73144/Application Data | ef0jn.log
    c:/Documents and Settings/dmc73144/Application Data | gsgu.exe
    c:/Documents and Settings/dmc73144/Application Data | MouseDriver.bat
    c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf
    c:/WINDOWS/Prefetch | DIEP.EXE-0B3E1DC8.pf
    c:/WINDOWS/Prefetch | GRPCONV.EXE-111CD845.pf
    c:/WINDOWS/Prefetch | GSGU.EXE-180CBE34.pf
    c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf
    c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf
    c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-253557CF.pf
    c:/WINDOWS/Prefetch | RUNONCE.EXE-2803F297.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf
    c: | netstat_post.txt
    c: | tasksvc_post.txt
    c: | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Documents and Settings/LocalService | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | NTOSBOOT-B00DFAAD.pf
    modified | c:/WINDOWS/Prefetch | SCP.EXE-174845DC.pf
    modified | c:/WINDOWS/Prefetch | SENDIT.EXE-34C997E3.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf
    modified | c:/WINDOWS/Prefetch | WUAUCLT.EXE-399A8E72.pf
    modified | c:/WINDOWS | SchedLgU.Txt
    modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 4B C6 62 04 26 34 54 6D D1 E2 DC 4A 7E 92 94 2F CC 87 F3 1D 69 52 7F 1E 67 4C B6 25 E3 52 7E CB 63 65 84 99 B8 EC 93 8D 38 77 BD EC 24 82 73 BA 5B 47 78 B7 23 B
    modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001

    DNS Results

    DNS | DNS Response
    w.nucleardiscover.com | Standard query response A 60.190.223.75

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 60 | 56 | 4872 | 3368
    17 | 3 | 0 | 525 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    888 | 6 | 60 | 56 | 4872 | 3368
    1900 | 17 | 3 | 0 | 525 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    22:49:12 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 94 | 888 | 14 | 1160
    22:49:18 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 94 | 888 | 10 | 600
    22:49:23 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 94 | 888 | 5 | 300
    22:50:25 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 16 | 888 | 13 | 1100
    22:50:30 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 16 | 888 | 10 | 600
    22:50:35 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 16 | 888 | 6 | 360
    22:51:37 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 514 | 888 | 13 | 1100
    22:51:42 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 514 | 888 | 10 | 600
    22:51:47 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 514 | 888 | 6 | 360
    22:52:50 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 640 | 888 | 13 | 1100
    22:52:55 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 640 | 888 | 11 | 660
    22:53:00 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 640 | 888 | 5 | 300
    22:48:03 | 2011-06-08 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 3623 | 1900 | 1 | 175
    22:54:36 | 2011-06-08 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location